Cyber Resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems. Our friends at NIST have a released a draft of “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach”. This document focuses on cyber resiliency engineering, an emerging specialty systems engineering discipline.
“Numerous reports of cyber incidents and cyber breaches indicate that extended periods of time transpired between the time an adversary initially established a presence in an organizational system by exploiting a vulnerability and when that presence was revealed or detected. In certain instances, the time periods before detection can be as longs as months or years. In the worst case, the adversary’s presence may never be detected.” — NIST SP 800-160, VOL. 2, REV. 1 (DRAFT)